I am evaluating SA 6.5R4-1 which comes with version 220.127.116.1131 of Installer Service. Although logically I would absolutely expect Juniper to have fixed the vulnerability by now, I cannot for the life of me find any mention of this fix in any of the SA versions' release notes dated Dec 2009 or later.
Can anyone point me to some clear documentation that addresses the vulnerability and (patch aside) says the vulnerability is fixed from version X forward?
Re: Installer Service version / vulnerability fix question
PSN Issue: Client vulnerabilities found and fixed through a combination of internal and external proactive security testing:
- A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it.
- A policy checking issue in Secure Virtual Workspace. (not applicable to UAC)
- A security issue has been identified in Juniper Installer Service that could allow an unauthenticated remote attacker to compromise your system and gain control over it.

Solution: Upgrade is recommended to the following or later releases:
- SA (IVE): 6.0R12; 6.1R8; 6.2R6; 6.3R5; 6.4R2; 6.5R1
- UAC: 3.0R2
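An added example, not part of the original thread or any Juniper tooling: one way to check appliance release strings against the SA (IVE) minimums listed in the bulletin quoted in the reply above. The function names and the sample inventory are hypothetical, the handling of a trailing `-N` suffix (as in `6.5R4-1`) is an assumption about the release string format, and the check covers the appliance release, not the Installer Service client version.

```python
import re

# Minimum fixed SA (IVE) release per branch, copied from the quoted bulletin.
FIXED_SA = {(6, 0): 12, (6, 1): 8, (6, 2): 6, (6, 3): 5, (6, 4): 2, (6, 5): 1}

# Assumed format: MAJOR.MINOR "R" RELEASE, optionally followed by "-N" or ".N".
_RELEASE_RE = re.compile(r"^\s*(\d+)\.(\d+)R(\d+)(?:[.-](\d+))?\s*$", re.IGNORECASE)


def parse_release(text):
    """Split e.g. '6.5R4-1' into ((6, 5), 4, 1); a missing suffix becomes 0."""
    m = _RELEASE_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    major, minor, rel, sub = m.groups()
    return (int(major), int(minor)), int(rel), int(sub or 0)


def sa_fix_status(text):
    """Return 'fixed', 'vulnerable' or 'unknown' for one SA release string."""
    branch, rel, _sub = parse_release(text)
    if branch in FIXED_SA:
        # The bulletin lists a minimum R-number per branch; the suffix is
        # irrelevant because every listed minimum has none.
        return "fixed" if rel >= FIXED_SA[branch] else "vulnerable"
    if branch > max(FIXED_SA):
        # Assumption: a branch newer than every listed one is a "later release".
        return "fixed"
    # Branch predates the list; the bulletin says nothing about it.
    return "unknown"


def audit(inventory):
    """Map each host name to its fix status; unparseable strings are flagged."""
    report = {}
    for host, release in inventory.items():
        try:
            report[host] = sa_fix_status(release)
        except ValueError:
            report[host] = "unparseable"
    return report


if __name__ == "__main__":
    # Constructed sample inventory; host names are placeholders.
    sample = {"sa-eval": "6.5R4-1", "sa-branch": "6.4R1", "sa-old": "5.5R3"}
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```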